LinkDID: A Privacy-Preserving, Sybil-Resistant and Key-Recoverable Decentralized Identity Scheme

TL;DR

LinkDID introduces a decentralized identity scheme that enhances privacy, resists Sybil attacks, enables trustless key recovery, and supports anonymous credentials, addressing key vulnerabilities in Web3 identity management.

Contribution

It proposes a novel blockchain-based identity system that links identifiers, resists Sybil attacks, and allows trustless key recovery without trusted intermediaries.

Findings

Effectively resists Sybil attacks as association grows.

Enables trustless key recovery through association structures.

Achieves fast credential presentation on consumer devices.

Abstract

Decentralized identity frameworks grant users full sovereignty over their digital assets in the Web3 ecosystem. However, allowing arbitrary creation of identifiers makes the system susceptible to Sybil attacks and puts assets at risk when keys are lost or compromised. Moreover, the lack of identification prevents anonymous credential schemes from deterring malicious transfers. While existing solutions attempt to address these issues by linking identifiers to entities through trusted intermediaries, these entities are not always accessible and require costly offline interactions. In this work, we introduce LinkDID, a decentralized identity scheme offering Sybil resistance, trustless key recovery, and nontransferable anonymous credentials. LinkDID creates blockchainbased bindings between identifiers and gradually combines identifiers belonging to the same holder into a unified associated identifier. As all identifiers within an association are presumed to belong to one individual, any fraudulent activity can be detected. The association grows larger as interactions increase, substantially reducing the likelihood of successful Sybil attacks. This mechanism allows holders to recover identifiers with lost or stolen keys by proving knowledge of specific association structures. Additionally, LinkDID prevents unauthorized transfers through blockchain-based identifier-key bindings and proofs of ownership for credentials. The evaluation shows that LinkDID effectively achieves progressive Sybil resistance while surpassing state-of-the-art anonymous credential schemes, achieving identifier association and credential presentation times of 2.41s and 3.31s on consumer-grade devices.